Re: [PATCH v6 02/13] confidential guest support: Introduce new confidential guest support class

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 12, 2021 at 09:46:17AM +0000, Daniel P. Berrangé wrote:
> On Tue, Jan 12, 2021 at 03:44:57PM +1100, David Gibson wrote:
> > Several architectures have mechanisms which are designed to protect guest
> > memory from interference or eavesdropping by a compromised hypervisor.  AMD
> > SEV does this with in-chip memory encryption and Intel's MKTME can do
> > similar things.  POWER's Protected Execution Framework (PEF) accomplishes a
> > similar goal using an ultravisor and new memory protection features,
> > instead of encryption.
> > 
> > To (partially) unify handling for these, this introduces a new
> > ConfidentialGuestSupport QOM base class.  "Confidential" is kind of vague,
> > but "confidential computing" seems to be the buzzword about these schemes,
> > and "secure" or "protected" are often used in connection to unrelated
> > things (such as hypervisor-from-guest or guest-from-guest security).
> > 
> > The "support" in the name is significant because in at least some of the
> > cases it requires the guest to take specific actions in order to protect
> > itself from hypervisor eavesdropping.
> > 
> > Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> > ---
> >  backends/confidential-guest-support.c     | 30 +++++++++++++++
> >  backends/meson.build                      |  1 +
> >  include/exec/confidential-guest-support.h | 46 +++++++++++++++++++++++
> >  include/qemu/typedefs.h                   |  1 +
> >  target/i386/sev.c                         |  3 +-
> >  5 files changed, 80 insertions(+), 1 deletion(-)
> >  create mode 100644 backends/confidential-guest-support.c
> >  create mode 100644 include/exec/confidential-guest-support.h
> > 
> > diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c
> > new file mode 100644
> > index 0000000000..2c7793c74f
> > --- /dev/null
> > +++ b/backends/confidential-guest-support.c
> > @@ -0,0 +1,30 @@
> > +/*
> > + * QEMU Confidential Guest support
> > + *
> > + * Copyright: David Gibson, Red Hat Inc. 2020
> > + *
> > + * Authors:
> > + *  David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> > + *
> > + * This work is licensed under the terms of the GNU GPL, version 2 or
> > + * later.  See the COPYING file in the top-level directory.
> > + *
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +
> > +#include "exec/confidential-guest-support.h"
> > +
> > +static const TypeInfo confidential_guest_support_info = {
> > +    .parent = TYPE_OBJECT,
> > +    .name = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
> > +    .class_size = sizeof(ConfidentialGuestSupportClass),
> > +    .instance_size = sizeof(ConfidentialGuestSupport),
> > +};
> > +
> > +static void confidential_guest_support_register_types(void)
> > +{
> > +    type_register_static(&confidential_guest_support_info);
> > +}
> > +
> > +type_init(confidential_guest_support_register_types)
> 
> This should all be replaced by OBJECT_DEFINE_TYPE

Ah, didn't know about that one.  I also appear to be the first user...

> > diff --git a/backends/meson.build b/backends/meson.build
> > index 484456ece7..d4221831fc 100644
> > --- a/backends/meson.build
> > +++ b/backends/meson.build
> > @@ -6,6 +6,7 @@ softmmu_ss.add([files(
> >    'rng-builtin.c',
> >    'rng-egd.c',
> >    'rng.c',
> > +  'confidential-guest-support.c',
> >  ), numa])
> >  
> >  softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('rng-random.c'))
> > diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h
> > new file mode 100644
> > index 0000000000..f9cf170802
> > --- /dev/null
> > +++ b/include/exec/confidential-guest-support.h
> > @@ -0,0 +1,46 @@
> > +/*
> > + * QEMU Confidential Guest support
> > + *   This interface describes the common pieces between various
> > + *   schemes for protecting guest memory or other state against a
> > + *   compromised hypervisor.  This includes memory encryption (AMD's
> > + *   SEV and Intel's MKTME) or special protection modes (PEF on POWER,
> > + *   or PV on s390x).
> > + *
> > + * Copyright: David Gibson, Red Hat Inc. 2020
> > + *
> > + * Authors:
> > + *  David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> > + *
> > + * This work is licensed under the terms of the GNU GPL, version 2 or
> > + * later.  See the COPYING file in the top-level directory.
> > + *
> > + */
> > +#ifndef QEMU_CONFIDENTIAL_GUEST_SUPPORT_H
> > +#define QEMU_CONFIDENTIAL_GUEST_SUPPORT_H
> > +
> > +#ifndef CONFIG_USER_ONLY
> > +
> > +#include "qom/object.h"
> > +
> > +#define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"
> > +#define CONFIDENTIAL_GUEST_SUPPORT(obj)                                    \
> > +    OBJECT_CHECK(ConfidentialGuestSupport, (obj),                          \
> > +                 TYPE_CONFIDENTIAL_GUEST_SUPPORT)
> > +#define CONFIDENTIAL_GUEST_SUPPORT_CLASS(klass)                            \
> > +    OBJECT_CLASS_CHECK(ConfidentialGuestSupportClass, (klass),             \
> > +                       TYPE_CONFIDENTIAL_GUEST_SUPPORT)
> > +#define CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(obj)                          \
> > +    OBJECT_GET_CLASS(ConfidentialGuestSupportClass, (obj),                 \
> > +                     TYPE_CONFIDENTIAL_GUEST_SUPPORT)
> > +
> 
> This should all be replaced by  OBJECT_DECLARE_TYPE

Also done, no thanks to the incorrect documentation in
docs/devel/qom.rst (it says OBJECT_DECLARE_SIMPLE_TYPE takes 4
arguments rather than 2.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux